INTERPOL finds nearly 9,000 command and control servers in ASEAN

The operation also identified hundreds of compromised websites, including government portals.

An INTERPOL-led operation in the ASEAN region has identified about 9,000 Command and Control (C2) servers and hundreds of compromised websites, including government portals.

About 270 websites are infected with a malware code that exploited a vulnerability in the website design application. Among these, several government websites may have contained personal data of their citizens.

A large number of phishing website operators were also identified, including one with links to Nigeria. One Indonesian-based criminal selling phishing kits via the Darknet had posted YouTube videos showing customers how to use the illicit software.

The operation is an example of how the public and private sectors can work efficiently together in combating cybercrime.

"With direct access to the information, expertise and capabilities of the private sector and specialists from the Cyber Fusion Centre, participants were able to fully appreciate the scale and scope of cybercrime actors across the region and in their countries," said IGCI Executive Director Noboru Nakatani. "Sharing intelligence was the basis of the success of this operation, and such cooperation is vital for long term effectiveness in managing cooperation networks for both future operations and day-to-day activity in combating cybercrime."

Active across eight countries

The threats posed by the 8,800 C2 servers were found to be active across eight countries and included various malware families including those targeting financial institutions, spreading ransomware, launching Distributed Denial of Service (DDoS) attacks and distributing spam.

Ran out of the INTERPOL Global Complex for Innovation (IGCI), the operation brought together investigators from Indonesia, Malaysia, Myanmar, Philippines, Singapore, Thailand and Vietnam and China.

The operation is said to have helped develop capacity and expertise of officers in the participating countries.

In addition, the operation also helped identify the different legislative requirements and regulations around the region. This provided participants with a greater knowledge and understanding of the avenues and restrictions in conducting enquiries.

"For many of those involved, this operation helped participants identify and address various types of cybercrime which had not previously been tackled in their countries," said Chief Superintendent Francis Chan, Chairman of INTERPOL's Eurasian cybercrime working group and Head of the Hong Kong Police Force's cybercrime unit . "It also enabled countries to coordinate and learn from each other by handling real and actionable cyber intelligence provided by private companies via INTERPOL, and is a blueprint for future operations."